Cyber Security News

Recently, ransomware like WannaCry or Petya has generated dramatic headlines around the globe. The pernicious online threats have become a shooting star among malware vectors, gaining notoriety and troubling millions of businesses and individuals alike. However, another cyberthreat lurking beneath the surface and causing even greater damage is business email compromise (BEC).

Unlike most other cybercrime activity, BEC entirely depends upon social engineering. It involves a faked email from a co-worker or corporate executive that short-cuts internal processes and asks the finance department to make a payment. A ploy that appears to be fairly simple-minded turns out to be both surprisingly effective and lucrative.

Perpetrators typically begin their campaign with reconnaissance. This includes scouting the company’s hierarchy, corporate executives, and employees. While life for the bad guys was much more difficult — perhaps next to impossible — in the good old days, the advent of social media has turned things upside down. With introductions to the leadership team on the target’s website, along with their profiles published on Facebook, Google+, LinkedIn, and so on, perpetrators can hardly believe their luck. Gathering information has never been easier. BEC has literally become the land of milk and honey for cybercriminals.

A notorious computer Trojan which can be used by cybercriminals to drain bank accounts is now active in more than 40 countries across the world, researchers have found.

The malicious software – known as "Trickbot" – was most recently spotted infecting machines across Latin America including Argentina, Chile, Colombia and Peru, according to Limor Kessem, a security expert at IBM's X-Force division, in an analysis this week (11 October).

The number of infections in Latin America remains small, but IBM researchers believe that such a strategy is run-of-the-mill for the cybercrime gang responsible, which is known to "test the waters" before adding local banks to its list of official targets.

After any major breach, the entire security community clamors to weigh in. The headlines are filled with advice and suggestions as vendors advocate for their solutions and consultants push training. The response of breached companies is almost always the same: they offer free credit monitoring. I have plenty of thoughts on why that is ineffective, but the short version is that this approach is like putting up a sign saying that a bridge is out… behind you.

Predictably, the usual advice is offered about strengthening passwords, utilizing two-factor authentication, and the like. But what you really need to do to protect yourself from the effects of a breach depends on what information was revealed. Whether password lists, account names, credit card information, personal identifiers, financial information, or personal information, each of these can lead to different kinds of attacks that require different defenses. In light of this, I suggest a change that anyone can make, which is particularly relevant to the Equifax breach but is also generally effective. So, in addition to the methods listed above, I suggest taking advantage of one of the most effective and durable tactics: lying.

There are three kinds of attacks enabled by the Equifax breach. First, the financial and personal information can be used to open fraudulent lines of credit. The best defense for this is a credit freeze at all three credit reporting bureaus. Second, the financial information can help attackers target high-value individuals for other kinds of scams or attacks. For targeting, a combination of anonymity and paranoia are your best bet. Finally, the information exposed reveals details about the victims that are often used in security questions. This brings me to my point about lying — to avoid losing personal information via security questions, lie about the answers.

Fighting malware is a modern arms race. Not only has malware evolved to be more evasive and harder to detect, but its sheer volume makes it even more difficult to handle. As a result, malware detection has become a big data problem that requires self-learning machines to scale analysts' knowledge, handle complexity beyond human capabilities, and improve the accuracy of threat detection.

There are a number of approaches to this problem, and choosing the right algorithm for the security engine’s purpose is not an easy task. In this article, we will refer to machine learning (ML) as an application of artificial intelligence (AI) in which computers learn without being explicitly programmed. We will look into some use cases and challenges, starting with an interesting question: why do we see this growing trend now? The answer has to do with the lower cost and increased availability of private and public cloud technology for collecting, storing and analyzing big data in real time, and with academic research progress in ML and related algorithms such as Deep Neural Networks (DNN).

The SmartVista platform is used by major organizations around the world for online banking, e-commerce, ATM and card management, and fraud prevention. The core components of the SmartVista suite are the Front-End and Back-Office systems.

Researchers at Rapid7 discovered that the SmartVista Front-End, specifically version 2.2.10 revision 287921, is affected by two SQL injection vulnerabilities.
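The page gives no detail on the SmartVista flaws beyond their class, so the following is an added illustration of that class in general, not code from SmartVista, Rapid7 or the page. It uses a constructed in-memory SQLite table (the schema, user names and the `login_*` function names are assumptions made for the example) to show why string-built SQL is injectable and why a parameterised query is not, plus a small input heuristic a defender might log on, which is explicitly not a substitute for parameterisation.

```python
import sqlite3


def make_db():
    """Constructed sample database for the example; not SmartVista's schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret'), ('bob', 'hunter2')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string formatting: user input becomes SQL text.

    A username such as  alice' --  turns the trailing AND clause into a comment,
    so the password check never runs. This is the defect class named on the page.
    """
    query = (
        "SELECT COUNT(*) FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Parameterised form: the driver binds values separately from the statement,
    so no input can alter the query structure."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def suspicious_input(value):
    """Cheap detection heuristic for logging/alerting only: flags quote or
    comment sequences commonly seen in injection attempts. It does not make
    login_vulnerable safe; only parameterisation does that."""
    markers = ("'", "--", "/*", ";")
    return any(m in value for m in markers)


if __name__ == "__main__":
    db = make_db()
    print("legit, vulnerable:", login_vulnerable(db, "alice", "s3cret"))
    print("legit, safe:      ", login_safe(db, "alice", "s3cret"))
    print("bypass, vulnerable:", login_vulnerable(db, "alice' --", "wrong"))
    print("bypass, safe:      ", login_safe(db, "alice' --", "wrong"))
    print("flagged:", suspicious_input("alice' --"))
```

The only difference between the two login functions is how the values reach the database engine; the SQL text is otherwise identical, which is why a code review for this class of bug focuses on string concatenation and formatting into query text.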

An Eastern European hacking group hijacked U.S. state government servers to dispense malware through phishing emails designed to look as though they had come from the Securities and Exchange Commission, according to research by Cisco’s Talos team and an analysis by other cybersecurity experts familiar with the activity.

The technical findings connect a known advanced persistent threat (APT) group, codenamed FIN7 by U.S. cybersecurity firm FireEye, to a sophisticated intrusion technique that was detected in a recent wave of spoofed emails that mimicked the SEC’s domain. The messages carried malware-laden Microsoft Word documents mentioning financial disclosure information from the EDGAR system.

FIN7 is believed to represent an Eastern European, Russian-speaking criminal enterprise that operates internationally.

Microsoft today issued patches for three critical vulnerabilities in the Windows DNS client in Windows 8, Windows 10, and Windows Server 2012 and 2016 that ironically came via a security feature.

The heap buffer-overflow flaws, discovered by researchers at Bishop Fox and fixed by the CVE-2017-11779 security update in Microsoft's October Patch Tuesday batch, could allow an attacker to take full control of the targeted Windows machine without any action by the victim. The bugs were found specifically in Microsoft's implementation of one of the data record features used in DNSSEC, the secure Domain Name System protocol.

DNSSEC is a security layer for DNS that digitally signs DNS records so that resolvers can validate responses and reject spoofed ones.

Businesses are exploring new use cases for endpoint data beyond backup and recovery, according to a new survey by Code42. Researchers polled 155 IT professionals and business decision-makers on the show floor at the 2017 VMworld U.S. and found that 65% use this data for more than backup.

Security investigation, cited by 55% of respondents, is the most common use case for endpoint user data, followed by device migration to Windows 10 (53%), and eDiscovery (47%). When asked what they wanted to use endpoint data for, security topped the list again among 45% of respondents, followed by device migration (44%) and ransomware recovery (43%).

Being able to use endpoint user data for services such as analytics, security, and migration is mission-critical or important, reported 64% of survey respondents. Endpoints are becoming a more important data source: 42% of businesses store between 50% and 100% of their data on endpoints, and 83% believe endpoint data is "extremely or very important" to their business.

The future of artificial intelligence was a hot topic at the third annual CYBERSEC Cybersecurity Forum, where security professionals representing Poland, the Netherlands, Germany, and the United Kingdom discussed the pitfalls and potential of AI, and its role in the enterprise.

Is it too soon to have this discussion? Absolutely not, said Axel Petri, SVP for group security governance at Deutsche Telekom AG. "Now is the time to ask the questions we'll have answers for in ten, twenty years," he added. Cybersecurity supported by AI and machine learning can leverage data to generate more insight and fight fraud.

"You are able to use the workforce you have in a smarter and better way by using AI," he said. "How nice would it be if we could have a junior SOC analyst act as well as the smartest guy in the SOC, of which you currently have very few?"

"Although our UK business was not breached, the attack regrettably compromised the personal information of a range of UK consumers," the company said in an emailed statement.

The company, which last month announced one of the most potentially damaging data breaches affecting some 145 million Americans, said the attackers also accessed a file containing 15.2 million records on 693,665 British nationals.

"Equifax takes this illegal and unprecedented breach of consumers' data extremely seriously and has begun writing to the groups of consumers outlined below to notify them of the nature of the breach and offer them appropriate advice," the statement said.

Billions of Internet of Things devices exist in offices and homes across the world, including everything from sensors and home assistants to connected children's toys.

But many producers of IoT devices have rushed out products with almost no thought put into cybersecurity. Not only has this resulted in data breaches as a result of IoT products with weak security, but also ended up with connected devices being roped into botnets and used to carry out DDoS attacks, or being used as an entry-point for hacking into the wider network.

While the idea of IoT devices being exploited to carry out devastating cyberattacks might seem far-fetched, it's worth remembering that technology moves forward at an alarming rate: IoT devices distributed in the next few years could still be operating in ten or twenty years -- with no way of receiving security updates.

The security hole, tracked as CVE-2017-11779, was discovered by researchers at Bishop Fox and it affects Windows Server 2012 and 2016, Windows 8.1 and Windows 10. Microsoft said the vulnerability exists due to the way the Windows DNSAPI (dnsapi.dll) handles DNS responses.

The vendor said there was no evidence of exploitation in the wild and believes the weakness is “less likely” to be exploited.

According to Bishop Fox, an attacker needs to be in a man-in-the-middle (MitM) position in order to exploit the flaw (e.g. via an unprotected public Wi-Fi connection that the victim connects to).
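The CVE-2017-11779 items above describe a heap overflow in how dnsapi.dll handles a DNSSEC record type, reachable by whoever can answer the victim's DNS queries. The page does not say which record type or what the faulty check was, so the following is an added, generic illustration of the defensive principle rather than the Windows code or the actual bug: a resource-record parser that validates every length field against the bytes actually received before copying. The wire-format builder, the plain A record, the domain name and all function names are constructed for the example; the same RDLENGTH check applies unchanged to DNSSEC record types.

```python
import struct


def parse_name(buf, offset):
    """Parse an uncompressed DNS name, checking every label against the buffer end."""
    labels = []
    while True:
        if offset >= len(buf):
            raise ValueError("name runs past end of message")
        length = buf[offset]
        offset += 1
        if length == 0:
            break
        if length & 0xC0:
            raise ValueError("compression pointers are out of scope for this example")
        if offset + length > len(buf):
            raise ValueError("label runs past end of message")
        labels.append(buf[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), offset


def parse_rr(buf, offset=0):
    """Parse one resource record. The RDLENGTH check is the one that matters:
    trusting the attacker-supplied length instead of the bytes present is the
    classic route to an out-of-bounds read or copy in a DNS response handler."""
    name, offset = parse_name(buf, offset)
    if offset + 10 > len(buf):
        raise ValueError("RR fixed header truncated")
    rtype, rclass, ttl, rdlength = struct.unpack_from("!HHIH", buf, offset)
    offset += 10
    if offset + rdlength > len(buf):
        raise ValueError("RDLENGTH exceeds remaining message bytes")
    rdata = buf[offset:offset + rdlength]
    return {"name": name, "type": rtype, "class": rclass, "ttl": ttl, "rdata": rdata}, offset + rdlength


def build_rr(name, rtype, ttl, rdata, claimed_rdlength=None):
    """Constructed wire-format RR builder; claimed_rdlength lets a test lie about
    the RDATA length the way a hostile resolver could."""
    out = bytearray()
    for label in name.split("."):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    length = len(rdata) if claimed_rdlength is None else claimed_rdlength
    out += struct.pack("!HHIH", rtype, 1, ttl, length)  # class 1 = IN
    out += rdata
    return bytes(out)


# Constructed samples: a well-formed A record and one whose RDLENGTH claims far
# more RDATA than the message contains (IPv4 documentation address, RFC 5737).
GOOD_RR = build_rr("example.com", 1, 300, bytes([192, 0, 2, 1]))
BAD_RR = build_rr("example.com", 1, 300, bytes([192, 0, 2, 1]), claimed_rdlength=0xFFFF)


def parse_or_reject(buf):
    """Return the parsed record, or None when the message fails validation."""
    try:
        rr, _ = parse_rr(buf)
        return rr
    except ValueError:
        return None


if __name__ == "__main__":
    print("good:", parse_or_reject(GOOD_RR))
    print("bad: ", parse_or_reject(BAD_RR))
```

Rejecting the malformed record before any copy is the whole point; in a memory-unsafe implementation the equivalent check must precede the allocation or memcpy that uses RDLENGTH, which is the step a heap overflow of this kind typically skips.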

Google is serving up a number of new security features in its new Android 8.0 Oreo, one of which is expected to put it on par with Apple's iOS when it comes to delivering software updates, say security researchers.

Android devices, which are notorious for falling behind on operating system (OS) updates and patches, should have a speedier path to the latest version of the OS under Oreo's so-called Project Treble feature.

"Enterprises will be able to maintain a more up to date fleet of devices that are patched against vulnerabilities that can lead to the loss of data," says Andrew Blaich, security researcher at Lookout.

If you have recently installed the AdBlock Plus extension for Google Chrome, you may want to double check that it is the real deal, as a fake has reportedly been installed by as many as 37,000 people.

The fraudulent extension was quickly pulled after being highlighted yesterday (10 October) by cybersecurity personality SwiftOnSecurity. The fake extension raises further question marks over the vetting process on Google's official Web Store.

SwiftOnSecurity noted that the extension successfully tricked thousands of Chrome browser users by cloning the name and logo of the popular ad-blocking software which is used by around 10 million people.

Attackers spreading new malware called FormBook are singling out aerospace firms, defense contractors and some manufacturing organizations in the United States and South Korea.

According to researchers at FireEye, FormBook was spotted in several high-volume distribution campaigns targeting the U.S. with email containing malicious PDF, DOC or XLS attachments. FormBook targets in South Korea are being pelted with email containing malicious archive files (ZIP, RAR, ACE, and ISOs) with executable payloads.

FormBook is a type of data-stealing malware used in espionage and is capable of keystroke logging, stealing clipboard contents and extracting data from HTTP sessions. Once installed, the malware can also execute commands from a command-and-control (C2) server, such as instructions to download more files, start processes, shut down and reboot a system, and steal cookies and local passwords, according to a FireEye report co-authored by Nart Villeneuve, Randi Eitzman, Sandor Nemes and Tyler Dean.

Former CEO of Equifax Richard Smith hasn't gotten much right of late following his former company's data breach and fumbling of the aftermath. But one thing Smith has correct is that Social Security numbers need to go.

In testimony before the US House of Representatives Committee on Financial Services, Smith was grilled by legislators, but did garner some agreement when he said the following:

"We should consider the creation of a public private partnership to begin a dialogue on replacing the Social Security Number as the touchstone for identity verification in this country. It is time to have identity verification procedures that match the technological age in which we live."

The threat actor, known as OilRig, was recently spotted launching attacks against an organization within the government of the United Arab Emirates (UAE).

When it first discovered the group’s activities back in May 2016, Palo Alto Networks believed the attacks had been carried out by a known group, but researchers later determined that the campaign was actually the work of a new actor, which is now tracked as OilRig.

OilRig has been known to use a remote access trojan (RAT) named ISMDoor, which researchers also identified in attacks launched by another Iran-linked cyberspy group known as Greenbug.

4G and 5G wireless networks' Evolved Packet Core (EPC) architecture can be exploited to intercept and collect mobile data as well as launch denial-of-service (DoS) attacks, according to new research.

Positive Technologies recently discovered a key flaw in EPC's GTPv2 protocol: the special interfaces EPC uses to exchange information between its components, which are based on GTPv2, lack built-in data encryption mechanisms.

The findings represent the latest in a string of vulnerabilities discovered in 4G networks. Researchers have spotted flaws that can be exploited to make IMSI-catchers more adept at snooping, as well as to allow the Diameter protocol to play a role in launching DoS attacks on 4G and 5G devices.

It began when the hopeful spirit of international peace and cooperation during the Sochi Winter Olympics turned to fear and uncertainty when Ukraine's government ousted its president, Viktor Yanukovych, a close ally of Russian president Vladimir Putin.

This was followed by a referendum and a vote in Ukraine's Crimea region to secede from its parent country and rejoin Russia, overturning the former Soviet Union's decision under Nikita Khrushchev to make it part of the Ukrainian Soviet Socialist Republic in 1954.

Stealthcare Web Privacy Statement

Privacy Statement

Stealthcare, LLC has adopted this privacy policy in order to ensure users of our commitment and dedication to privacy. The following privacy guidelines apply to the website “stealthcare.com” and “stealthcarelabs.com” (Sites). Stealthcare respects your right to privacy. We invite you to visit our site to search or browse the site without revealing who you are or registering with us. However, if you choose to give us personal information via the Internet that we may need, it is our intent to let you know how we will use such information. If you tell us that you do not wish to have this information used as a basis for further contact with you, we will endeavor to respect your wishes.

Registration

Registration is not required to gain access to the commercial site. However, there are sections of our web sites that do require authentication.

Security and Privacy

Stealthcare’s websites use reasonable commercial methods and security measures to protect against the loss, misuse, and alteration of the information under our control. We store the information in a database in a secure environment protected from unauthorized access, use, or disclosure. When personal information is transmitted, it is protected with encryption, such as the Secure Socket Layer (SSL) protocol.

Statistical Information About Your Visit

When you visit our Site, some information such as your Internet Protocol address, Internet service provider, operating system, the Site from which you arrived, and the time and date of your visit may be collected automatically as part of the software operation of this Site. This intake of information is not personally identifiable. Stealthcare, LLC uses this information solely for internal marketing purposes, for example, to see what pages are most frequently visited in order to improve the Site. After it is used for internal marketing purposes, this information is discarded.

We also collect information through the use of a technology called “cookies.” A cookie is a small file that a web site can send to your browser, which is then stored on your system by your browser. The use of cookie technology on e-mergingtechnologies.com or etg1.com is solely for internal marketing purposes. If you are uncomfortable accepting cookies from our Site or any other, you can set your browser to notify you when a Site attempts to send you a cookie, giving you the opportunity to decide for yourself whether or not to accept the cookie. You can also set your browser to turn off cookies.

Stealthcare collects the information (including personally identifiable information) you provide when you send us e-mails, when you register for any of our events or classes, and in the operation of services. Please keep in mind that if you directly disclose personally identifiable information or personally sensitive data through Stealthcare public message boards, this information may be collected and used by others.

Opt-Out

To opt out from having any provided information used for email communications from us, please click on the opt-out (unsubscribe) link in any message you receive from us. This will allow you to unsubscribe or update your message preferences. Alternately, you may contact us at info@stealthcare.com.

Personal Information

Any time Stealthcare, LLC collects information that you voluntarily submit, it is Stealthcare, LLC’s intent to inform you of why this information is being requested and how it is going to be used. We may collect personal information from you including phone, electronic mail address, and other information you choose to provide at various times, for example, when you complete an online form or request. Stealthcare, LLC uses the personal information we collect online to process your requests, inform you of opportunities that we believe you might find interesting, and to understand your needs so that we can provide you with the highest quality of service. Stealthcare, LLC intends to protect and secure the personal information that you submit to this Site. Stealthcare, LLC will not sell, distribute, or give your personal information to any third party without your knowledge and consent. Stealthcare, LLC shall not be liable for any personal information that you submit to external vendors or to any web site linked to this Site.

Resume Collection

The Site provides a capability for users to submit their resumes to Stealthcare, LLC via a third party subscription based website we have authorized. Any resume so received by Stealthcare, LLC will be held in confidence and used only for the purpose of considering the submitting party for employment. Such information is not shared with third parties external to Stealthcare, LLC domestic and international branches.

Blog Sites

If you leave a comment on a Stealthcare blog, please be advised that any personally identifiable information you submit on our blog site can be read, collected, or otherwise used by anyone who reads the blog or who visits the URL of the blog post you comment on. We are not responsible for use of this information by non-Stealthcare personnel.

Your name and e-mail are required for verification and protection against spam. The name you leave will be published and is used as an identifier of the comment. The email provided is not published and will not be sold, rented, or shared outside of this arrangement unless ordered by a court of law.

Children’s Privacy and Usage of the Site

This Site is intended for people over the age of 18. It is not intended for children, and we ask that minors not submit any personal information to us. Stealthcare does not knowingly solicit or collect information from children or minors (under the age of 18).

Policy Consent

By using our websites, you agree to this Privacy Policy. This policy appears in its completed form and supersedes any earlier version.

Contact

If you have any questions about this Site, please email info@stealthcare.com.

Nature of Data on the Internet

It is Stealthcare, LLC’s intent to guard any personal information that you submit to us, and Stealthcare, LLC will continue to take steps to maintain the security of this Site. However, the data we collect from you may be distributed throughout Stealthcare, LLC and the open nature of the Internet is such that data may flow over networks without security measures and may be accessed and used by people other than those for whom the data is intended. Therefore, in submitting personal information to the Site, you assume the risk of a third party obtaining that information.